Update index.html

Update README.md

.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,38 @@
+---
+name: Bug report
+about: Create a report to help us improve
+title: ''
+labels: ''
+assignees: ''
+
+---
+
+**Describe the bug**
+A clear and concise description of what the bug is.
+
+**To Reproduce**
+Steps to reproduce the behavior:
+1. Go to '...'
+2. Click on '....'
+3. Scroll down to '....'
+4. See error
+
+**Expected behavior**
+A clear and concise description of what you expected to happen.
+
+**Screenshots**
+If applicable, add screenshots to help explain your problem.
+
+**Desktop (please complete the following information):**
+ - OS: [e.g. iOS]
+ - Browser [e.g. chrome, safari]
+ - Version [e.g. 22]
+
+**Smartphone (please complete the following information):**
+ - Device: [e.g. iPhone6]
+ - OS: [e.g. iOS8.1]
+ - Browser [e.g. stock browser, safari]
+ - Version [e.g. 22]
+
+**Additional context**
+Add any other context about the problem here.

.github/ISSUE_TEMPLATE/feature_request.md

@@ -0,0 +1,20 @@
+---
+name: Feature request
+about: Suggest an idea for this project
+title: ''
+labels: ''
+assignees: ''
+
+---
+
+**Is your feature request related to a problem? Please describe.**
+A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
+
+**Describe the solution you'd like**
+A clear and concise description of what you want to happen.
+
+**Describe alternatives you've considered**
+A clear and concise description of any alternative solutions or features you've considered.
+
+**Additional context**
+Add any other context or screenshots about the feature request here.

.github/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,21 @@
+#### Change description
+
+
+<!--
+Please provide a description above.
+-->
+
+#### Checklist
+<!-- Remove items that do not apply. For completed items, change [ ] to [x]. -->
+
+Web application changes:
+- [ ] Run `npm run lint` to check code style
+- [ ] Run `npm run format` to format code
+- [ ] Run `npm run test` to verify end-to-end tests pass 
+
+Database changes:
+- [ ] Run `npm run gents` if database structure was modified
+- [ ] Run `formatsql` command to format SQL migrations (requires `nix develop .#api`)
+
+Nix changes:
+- [ ] Run `nix fmt` if files in `nix` directory were modified

.github/workflows/static.yml

@@ -0,0 +1,43 @@
+# Simple workflow for deploying static content to GitHub Pages
+name: Deploy static content to Pages
+
+on:
+  # Runs on pushes targeting the default branch
+  push:
+    branches: ["main"]
+
+  # Allows you to run this workflow manually from the Actions tab
+  workflow_dispatch:
+
+# Sets permissions of the GITHUB_TOKEN to allow deployment to GitHub Pages
+permissions:
+  contents: read
+  pages: write
+  id-token: write
+
+# Allow only one concurrent deployment, skipping runs queued between the run in-progress and latest queued.
+# However, do NOT cancel in-progress runs as we want to allow these production deployments to complete.
+concurrency:
+  group: "pages"
+  cancel-in-progress: false
+
+jobs:
+  # Single deploy job since we're just deploying
+  deploy:
+    environment:
+      name: github-pages
+      url: ${{ steps.deployment.outputs.page_url }}
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Setup Pages
+        uses: actions/configure-pages@v5
+      - name: Upload artifact
+        uses: actions/upload-pages-artifact@v3
+        with:
+          # Upload entire repository
+          path: './website'
+      - name: Deploy to GitHub Pages
+        id: deployment
+        uses: actions/deploy-pages@v4

.github/workflows/test.yml

@@ -23,7 +23,7 @@ jobs:
       run: |
         wait_for_postgres() {
           echo "Waiting for PostgreSQL to be ready..."
-          while ! nix shell nixpkgs#postgresql_16 -c pg_isready -h localhost -p 15432 -U postgres; do
+          while ! nix shell nixpkgs#postgresql -c pg_isready -h 127.0.0.1 -p 15432 -U postgres; do
             sleep 1
           done
           echo "PostgreSQL is ready."
@@ -31,10 +31,10 @@ jobs:
 
         wait_for_postgrest() {
           echo "Waiting for PostgREST to be live and ready..."
-          while ! curl -s -I "http://localhost:3001/live" | grep "OK"; do
+          while ! curl -s -I "http://127.0.0.1:3001/live" | grep "OK"; do
             sleep 1
           done
-          while ! curl -s -I "http://localhost:3001/ready" | grep "OK"; do
+          while ! curl -s -I "http://127.0.0.1:3001/ready" | grep "OK"; do
             sleep 1
           done
           echo "PostgREST is live and ready."

CODE_OF_CONDUCT.md

@@ -0,0 +1,128 @@
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+
+We as members, contributors, and leaders pledge to make participation in our
+community a harassment-free experience for everyone, regardless of age, body
+size, visible or invisible disability, ethnicity, sex characteristics, gender
+identity and expression, level of experience, education, socio-economic status,
+nationality, personal appearance, race, religion, or sexual identity
+and orientation.
+
+We pledge to act and interact in ways that contribute to an open, welcoming,
+diverse, inclusive, and healthy community.
+
+## Our Standards
+
+Examples of behavior that contributes to a positive environment for our
+community include:
+
+* Demonstrating empathy and kindness toward other people
+* Being respectful of differing opinions, viewpoints, and experiences
+* Giving and gracefully accepting constructive feedback
+* Accepting responsibility and apologizing to those affected by our mistakes,
+  and learning from the experience
+* Focusing on what is best not just for us as individuals, but for the
+  overall community
+
+Examples of unacceptable behavior include:
+
+* The use of sexualized language or imagery, and sexual attention or
+  advances of any kind
+* Trolling, insulting or derogatory comments, and personal or political attacks
+* Public or private harassment
+* Publishing others' private information, such as a physical or email
+  address, without their explicit permission
+* Other conduct which could reasonably be considered inappropriate in a
+  professional setting
+
+## Enforcement Responsibilities
+
+Community leaders are responsible for clarifying and enforcing our standards of
+acceptable behavior and will take appropriate and fair corrective action in
+response to any behavior that they deem inappropriate, threatening, offensive,
+or harmful.
+
+Community leaders have the right and responsibility to remove, edit, or reject
+comments, commits, code, wiki edits, issues, and other contributions that are
+not aligned to this Code of Conduct, and will communicate reasons for moderation
+decisions when appropriate.
+
+## Scope
+
+This Code of Conduct applies within all community spaces, and also applies when
+an individual is officially representing the community in public spaces.
+Examples of representing our community include using an official e-mail address,
+posting via an official social media account, or acting as an appointed
+representative at an online or offline event.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported to the community leaders responsible for enforcement at
+contact@archtika.com.
+All complaints will be reviewed and investigated promptly and fairly.
+
+All community leaders are obligated to respect the privacy and security of the
+reporter of any incident.
+
+## Enforcement Guidelines
+
+Community leaders will follow these Community Impact Guidelines in determining
+the consequences for any action they deem in violation of this Code of Conduct:
+
+### 1. Correction
+
+**Community Impact**: Use of inappropriate language or other behavior deemed
+unprofessional or unwelcome in the community.
+
+**Consequence**: A private, written warning from community leaders, providing
+clarity around the nature of the violation and an explanation of why the
+behavior was inappropriate. A public apology may be requested.
+
+### 2. Warning
+
+**Community Impact**: A violation through a single incident or series
+of actions.
+
+**Consequence**: A warning with consequences for continued behavior. No
+interaction with the people involved, including unsolicited interaction with
+those enforcing the Code of Conduct, for a specified period of time. This
+includes avoiding interactions in community spaces as well as external channels
+like social media. Violating these terms may lead to a temporary or
+permanent ban.
+
+### 3. Temporary Ban
+
+**Community Impact**: A serious violation of community standards, including
+sustained inappropriate behavior.
+
+**Consequence**: A temporary ban from any sort of interaction or public
+communication with the community for a specified period of time. No public or
+private interaction with the people involved, including unsolicited interaction
+with those enforcing the Code of Conduct, is allowed during this period.
+Violating these terms may lead to a permanent ban.
+
+### 4. Permanent Ban
+
+**Community Impact**: Demonstrating a pattern of violation of community
+standards, including sustained inappropriate behavior,  harassment of an
+individual, or aggression toward or disparagement of classes of individuals.
+
+**Consequence**: A permanent ban from any sort of public interaction within
+the community.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage],
+version 2.0, available at
+https://www.contributor-covenant.org/version/2/0/code_of_conduct.html.
+
+Community Impact Guidelines were inspired by [Mozilla's code of conduct
+enforcement ladder](https://github.com/mozilla/diversity).
+
+[homepage]: https://www.contributor-covenant.org
+
+For answers to common questions about this code of conduct, see the FAQ at
+https://www.contributor-covenant.org/faq. Translations are available at
+https://www.contributor-covenant.org/translations.

CONTRIBUTING.md

@@ -0,0 +1,3 @@
+# How to contribute
+
+Please refer to the [documentation article on contributing](https://archtika.demo.archtika.com/archtika-documentation/articles/contributing) for all information.

README.md

@@ -1,36 +1,16 @@
 # archtika
 
+> [!IMPORTANT]  
+> This project will no longer be maintained. It was intended as a proof of concept to demonstrate how to create, package and deploy a complex application using PostgreSQL, PostgREST, Nix and NixOS. However, it can still be used as a reference.
+>
+> Most of the necessary source code can be found in this repository, except for the [derivation for the NixOS module](https://github.com/NixOS/nixpkgs/blob/1ba18a17ebd052ab4a5d30f47073be68f7b50a26/nixos/modules/services/web-apps/archtika.nix) and the [derivation for the entire package](https://github.com/NixOS/nixpkgs/blob/1ba18a17ebd052ab4a5d30f47073be68f7b50a26/pkgs/by-name/ar/archtika/package.nix).
+>
+> For more information about archtika, please refer to the [documentation](https://github.com/thiloho/archtika/wiki), which has been moved from an individual website to this GitHub repository.
+
 ## About
   
-archtika is a FLOSS, modern, performant and lightweight CMS (Content Mangement System) in the form of a web application. It allows you to easily create, manage and publish minimal, responsive and SEO friendly blogging and documentation websites with official, professionally designed templates.
+archtika is a FLOSS, modern, performant, lightweight and self-hosted CMS (Content Mangement System) in the form of a web application. It allows you to easily create, manage and publish minimal, responsive and SEO friendly blogging and documentation websites using the templates provided. Contributors can also be added to a website, allowing multiple people to work on a project.
 
-It is also possible to add contributors to your sites, which is very useful for larger projects where, for example, several people are constantly working on the documentation.
+## Preview
 
-## How it works
+[archtika-video-preview.webm](https://github.com/user-attachments/assets/7a43931c-6d9e-484a-8238-29e3d9bfb603)
-
-For the backend, PostgreSQL is used in combination with PostgREST to create a RESTful API. JSON web tokens along with row-level security control authentication and authorisation flows.
-
-The web application uses SvelteKit with SSR (Server Side Rendering) and Svelte version 5, currently in beta.
-
-NGINX is used to deploy the websites, serving the static site files from the `/var/www/archtika-websites` directory. The static files can be found in this directory via the path `<user_id>/<website_id>`, which is dynamically created by the web application.
-
-
-## Virtual machine for local development
-
-The website directory used by the virtual machine needs to be created and the NodeJS process, which typically runs as the default system user, needs permission to write to this directory.
-
-This can be achieved using the following commands:
-
-```bash
-sudo mkdir -p /var/www/archtika-websites
-```
-
-```bash
-sudo chown $USER:$(id -gn) /var/www/archtika-websites
-```
-
-```bash
-nix run .#dev-vm
-```
-
-For production, a separate `node` user can be created to run the systemd service for the node process; this user would have only the essential permissions to maintain the principle of least privilege.

SECURITY.md

@@ -0,0 +1,3 @@
+# Reporting Security Issues
+
+To report a security issue, please use the GitHub Security Advisory ["Report a Vulnerability"](https://github.com/archtika/archtika/security/advisories/new) tab.

flake.lock

@@ -2,11 +2,11 @@
   "nodes": {
     "nixpkgs": {
       "locked": {
-        "lastModified": 1729256560,
+        "lastModified": 1741379970,
-        "narHash": "sha256-/uilDXvCIEs3C9l73JTACm4quuHUsIHcns1c+cHUJwA=",
+        "narHash": "sha256-Wh7esNh7G24qYleLvgOSY/7HlDUzWaL/n4qzlBePpiw=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "4c2fcb090b1f3e5b47eaa7bd33913b574a11e0a0",
+        "rev": "36fd87baa9083f34f7f5027900b62ee6d09b1f2f",
         "type": "github"
       },
       "original": {

flake.nix

@@ -14,6 +14,8 @@
       ];
 
       forAllSystems = nixpkgs.lib.genAttrs allSystems;
+
+      dbUrl = user: "postgres://${user}@127.0.0.1:15432/archtika";
     in
     {
       devShells = forAllSystems (
@@ -24,19 +26,19 @@
         {
           api = pkgs.mkShell {
             packages = with pkgs; [
-              postgresql_16
+              postgresql
               postgrest
             ];
             shellHook = ''
-              alias dbmate="${pkgs.dbmate}/bin/dbmate --no-dump-schema --url postgres://postgres@localhost:15432/archtika?sslmode=disable"
+              alias dbmate="${pkgs.dbmate}/bin/dbmate --no-dump-schema --url ${dbUrl "postgres"}?sslmode=disable"
               alias formatsql="${pkgs.pgformatter}/bin/pg_format -s 2 -f 2 -U 2 -i db/migrations/*.sql"
-              alias dbconnect="${pkgs.postgresql_16}/bin/psql postgres://postgres@localhost:15432/archtika"
+              alias dbconnect="${pkgs.postgresql}/bin/psql ${dbUrl "postgres"}"
             '';
           };
           web = pkgs.mkShell {
-            packages = with pkgs; [ nodejs_22 ];
+            packages = with pkgs; [ nodejs ];
             shellHook = ''
-              export PLAYWRIGHT_BROWSERS_PATH=${pkgs.playwright-driver.browsers}
+              export PLAYWRIGHT_BROWSERS_PATH=${pkgs.playwright.browsers}
               export PLAYWRIGHT_SKIP_VALIDATE_HOST_REQUIREMENTS=true
             '';
           };
@@ -65,18 +67,31 @@
         {
           api = {
             type = "app";
-            program = "${pkgs.writeShellScriptBin "api-setup" ''
+            program =
-              JWT_SECRET=$(tr -dc 'A-Za-z0-9' < /dev/urandom | head -c64)
+              let
-              WEBSITE_MAX_STORAGE_SIZE=100
+                settings = {
-              WEBSITE_MAX_NUMBER_USER=3
+                  maxStorage = 100;
+                  maxWebsites = 3;
+                };
+                jwtSecret = "BMlgCY9fEzmf7jhQpNnxlS6TM8E6xk2vS08C3ukm5LM2aTooaF5PfxT3o2K9uKzq";
+              in
+              "${pkgs.writeShellScriptBin "api-setup" ''
+                ${pkgs.postgresql}/bin/psql ${dbUrl "postgres"} \
+                  -c "ALTER DATABASE archtika SET \"app.jwt_secret\" TO '${jwtSecret}'" \
+                  -c "ALTER DATABASE archtika SET \"app.website_max_storage_size\" TO ${toString settings.maxStorage}" \
+                  -c "ALTER DATABASE archtika SET \"app.website_max_number_user\" TO ${toString settings.maxWebsites}"
 
-              ${pkgs.postgresql_16}/bin/psql postgres://postgres@localhost:15432/archtika -c "ALTER DATABASE archtika SET \"app.jwt_secret\" TO '$JWT_SECRET'"
+                ${pkgs.dbmate}/bin/dbmate --no-dump-schema \
-              ${pkgs.postgresql_16}/bin/psql postgres://postgres@localhost:15432/archtika -c "ALTER DATABASE archtika SET \"app.website_max_storage_size\" TO $WEBSITE_MAX_STORAGE_SIZE"
+                  --url ${dbUrl "postgres"}?sslmode=disable \
-              ${pkgs.postgresql_16}/bin/psql postgres://postgres@localhost:15432/archtika -c "ALTER DATABASE archtika SET \"app.website_max_number_user\" TO $WEBSITE_MAX_NUMBER_USER"
+                  --migrations-dir ${self.outPath}/rest-api/db/migrations up
 
-              ${pkgs.dbmate}/bin/dbmate --url postgres://postgres@localhost:15432/archtika?sslmode=disable --migrations-dir ${self.outPath}/rest-api/db/migrations up
+                PGRST_ADMIN_SERVER_PORT=3001 \
-
+                PGRST_DB_SCHEMAS="api" \
-              PGRST_ADMIN_SERVER_PORT=3001 PGRST_DB_SCHEMAS="api" PGRST_DB_ANON_ROLE="anon" PGRST_OPENAPI_MODE="ignore-privileges" PGRST_DB_URI="postgres://authenticator@localhost:15432/archtika" PGRST_JWT_SECRET="$JWT_SECRET" ${pkgs.postgrest}/bin/postgrest
+                PGRST_DB_ANON_ROLE="anon" \
+                PGRST_OPENAPI_MODE="ignore-privileges" \
+                PGRST_DB_URI="${dbUrl "authenticator"}" \
+                PGRST_JWT_SECRET="${jwtSecret}" \
+                ${pkgs.postgrest}/bin/postgrest
               ''}/bin/api-setup";
           };
         }

nix/deploy/prod/default.nix

@@ -1,9 +1,13 @@
 { pkgs, localArchtikaPackage, ... }:
+let
+  domain = "demo.archtika.com";
+  docsSubdomain = "docs.archtika.com";
+  portfolioDomain = "thilohohlt.com";
+in
 {
   imports = [
     ./hardware-configuration.nix
     ../shared.nix
-    ../../module.nix
   ];
 
   networking.hostName = "archtika-demo";
@@ -11,14 +15,50 @@
   services.archtika = {
     enable = true;
     package = localArchtikaPackage;
-    domain = "demo.archtika.com";
+    inherit domain;
-    acmeEmail = "thilo.hohlt@tutanota.com";
-    dnsProvider = "porkbun";
-    dnsEnvironmentFile = /var/lib/porkbun.env;
     settings = {
       disableRegistration = true;
-      maxWebsiteStorageSize = 50;
-      maxUserWebsites = 2;
     };
   };
+
+  security.acme = {
+    acceptTerms = true;
+    defaults.email = "thilo.hohlt@tutanota.com";
+    certs."${domain}" = {
+      inherit domain;
+      extraDomainNames = [
+        "*.${domain}"
+        docsSubdomain
+      ];
+      dnsProvider = "porkbun";
+      environmentFile = /var/lib/porkbun.env;
+      group = "nginx";
+    };
+  };
+
+  services.nginx.virtualHosts."${docsSubdomain}" = {
+    useACMEHost = domain;
+    forceSSL = true;
+    locations = {
+      "/" = {
+        root = "/var/www/archtika-websites/archtika/archtika-documentation";
+        index = "index.html";
+        tryFiles = "$uri $uri/ $uri.html =404";
+      };
+    };
+  };
+
+  services.nginx.virtualHosts."${portfolioDomain}" = {
+    enableACME = true;
+    forceSSL = true;
+    locations = {
+      "/" = {
+        root = "/var/www/archtika-websites/thiloho/thilo-hohlt";
+        index = "index.html";
+        tryFiles = "$uri $uri/ $uri.html =404";
+      };
+    };
+  };
+
+  services.postgresql.settings.default_text_search_config = "pg_catalog.english";
 }

nix/deploy/qs/default.nix

@@ -1,9 +1,11 @@
 { pkgs, localArchtikaPackage, ... }:
+let
+  domain = "qs.archtika.com";
+in
 {
   imports = [
     ./hardware-configuration.nix
     ../shared.nix
-    ../../module.nix
   ];
 
   networking.hostName = "archtika-qs";
@@ -11,14 +13,23 @@
   services.archtika = {
     enable = true;
     package = localArchtikaPackage;
-    domain = "qs.archtika.com";
+    inherit domain;
-    acmeEmail = "thilo.hohlt@tutanota.com";
-    dnsProvider = "porkbun";
-    dnsEnvironmentFile = /var/lib/porkbun.env;
     settings = {
       disableRegistration = true;
-      maxWebsiteStorageSize = 250;
-      maxUserWebsites = 3;
     };
   };
+
+  security.acme = {
+    acceptTerms = true;
+    defaults.email = "thilo.hohlt@tutanota.com";
+    certs."${domain}" = {
+      inherit domain;
+      extraDomainNames = [ "*.${domain}" ];
+      dnsProvider = "porkbun";
+      environmentFile = /var/lib/porkbun.env;
+      group = "nginx";
+    };
+  };
+
+  services.postgresql.settings.default_text_search_config = "pg_catalog.english";
 }

nix/deploy/shared.nix

@@ -32,7 +32,7 @@
     users = {
       root = {
         openssh.authorizedKeys.keys = [
-          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFE42q8e7egSSTs4YJo8vQFDbRWqrGTQkR1weq8nT0Zx thiloho@pc"
+          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFlDyJt72c/mxyN9cujc081J3uzWCyKtr4k2faBtgldD thiloho@pc"
         ];
         hashedPassword = "$y$j9T$MuWDs5Ind6VPEM78u5VTy/$XAuRCaOPtS/8Vj8XgpxB/XX2ygftNLql2VrFWcC/sq7";
       };
@@ -44,8 +44,7 @@
         ];
         hashedPassword = "$y$j9T$Y0ffzVb7wrZSdCKbiYHin0$oahgfFqH/Eep6j6f4iKPETEfGZSOkgu74UT2eyG2uI1";
         openssh.authorizedKeys.keys = [
-          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBj6+r+vMXJyy5wvQTLyfd2rIw62WCg9eIpwsciHg4ym thiloho@pc"
+          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFlDyJt72c/mxyN9cujc081J3uzWCyKtr4k2faBtgldD thiloho@pc"
-          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIgfOa8N46PBUO2gj8UeyrV0R+MRZFnJqUzG132UjaFS thiloho@laptop"
         ];
       };
     };

nix/dev-vm.nix

@@ -20,9 +20,20 @@
     password = "dev";
   };
 
-  systemd.tmpfiles.rules = [ "d /var/www/archtika-websites 0777 root root -" ];
+  systemd.tmpfiles.settings = {
+    "10-archtika" = {
+      "/var/www/archtika-websites" = {
+        d = {
+          mode = "0777";
+          user = "root";
+          group = "root";
+        };
+      };
+    };
+  };
 
   virtualisation = {
+    msize = 65536;
     graphics = false;
     memorySize = 2048;
     cores = 2;
@@ -51,23 +62,13 @@
   services = {
     postgresql = {
       enable = true;
-      package = pkgs.postgresql_16;
-      /*
-        PL/Perl:
-        overrideAttrs (
-          finalAttrs: previousAttrs: {
-            buildInputs = previousAttrs.buildInputs ++ [ pkgs.perl ];
-            configureFlags = previousAttrs.configureFlags ++ [ "--with-perl" ];
-          }
-        );
-      */
       ensureDatabases = [ "archtika" ];
       authentication = lib.mkForce ''
         local all all trust
         host all all all trust
       '';
       enableTCPIP = true;
-      extraPlugins = with pkgs.postgresql16Packages; [ pgjwt ];
+      extensions = ps: with ps; [ pgjwt ];
     };
     nginx = {
       enable = true;
@@ -105,10 +106,13 @@
 
   systemd.services.postgresql = {
     path = with pkgs; [
-      # Tar and gzip are needed for tar.gz exports
       gnutar
       gzip
     ];
+
+    serviceConfig = {
+      ReadWritePaths = [ "/var/www/archtika-websites" ];
+    };
   };
 
   services.getty.autologinUser = "dev";

nix/docker.nix

@@ -26,7 +26,7 @@ pkgs.dockerTools.buildLayeredImage {
   contents = [
     archtika
     entrypoint
-    pkgs.postgresql_16
+    pkgs.postgresql
     pkgs.nginx
     pkgs.acme-sh
     pkgs.bash

nix/module.nix

@@ -1,309 +0,0 @@
-{
-  config,
-  lib,
-  pkgs,
-  ...
-}:
-
-with lib;
-
-let
-  cfg = config.services.archtika;
-  baseHardenedSystemdOptions = {
-    CapabilityBoundingSet = "";
-    LockPersonality = true;
-    NoNewPrivileges = true;
-    PrivateDevices = true;
-    PrivateTmp = true;
-    ProtectClock = true;
-    ProtectControlGroups = true;
-    ProtectHome = true;
-    ProtectHostname = true;
-    ProtectKernelLogs = true;
-    ProtectKernelModules = true;
-    ProtectKernelTunables = true;
-    ProtectSystem = "strict";
-    RemoveIPC = true;
-    RestrictNamespaces = true;
-    RestrictRealtime = true;
-    RestrictSUIDSGID = true;
-    SystemCallArchitectures = "native";
-    SystemCallFilter = [
-      "@system-service"
-      "~@privileged"
-      "~@resources"
-    ];
-
-    ReadWritePaths = [ "/var/www/archtika-websites" ];
-  };
-in
-{
-  options.services.archtika = {
-    enable = mkEnableOption "archtika service";
-
-    package = mkPackageOption pkgs "archtika" { };
-
-    user = mkOption {
-      type = types.str;
-      default = "archtika";
-      description = "User account under which archtika runs.";
-    };
-
-    group = mkOption {
-      type = types.str;
-      default = "archtika";
-      description = "Group under which archtika runs.";
-    };
-
-    databaseName = mkOption {
-      type = types.str;
-      default = "archtika";
-      description = "Name of the PostgreSQL database for archtika.";
-    };
-
-    apiPort = mkOption {
-      type = types.port;
-      default = 5000;
-      description = "Port on which the API runs.";
-    };
-
-    apiAdminPort = mkOption {
-      type = types.port;
-      default = 7500;
-      description = "Port on which the API admin server runs.";
-    };
-
-    webAppPort = mkOption {
-      type = types.port;
-      default = 10000;
-      description = "Port on which the web application runs.";
-    };
-
-    domain = mkOption {
-      type = types.str;
-      default = null;
-      description = "Domain to use for the application.";
-    };
-
-    acmeEmail = mkOption {
-      type = types.str;
-      default = null;
-      description = "Email to notify for the SSL certificate renewal process.";
-    };
-
-    dnsProvider = mkOption {
-      type = types.str;
-      default = null;
-      description = "DNS provider for the DNS-01 challenge (required for wildcard domains).";
-    };
-
-    dnsEnvironmentFile = mkOption {
-      type = types.path;
-      default = null;
-      description = "API secrets for the DNS-01 challenge (required for wildcard domains).";
-    };
-
-    settings = mkOption {
-      type = types.submodule {
-        options = {
-          disableRegistration = mkOption {
-            type = types.bool;
-            default = false;
-            description = "By default any user can create an account. That behavior can be disabled by using this option.";
-          };
-          maxUserWebsites = mkOption {
-            type = types.int;
-            default = 2;
-            description = "Maximum number of websites allowed per user by default.";
-          };
-          maxWebsiteStorageSize = mkOption {
-            type = types.int;
-            default = 500;
-            description = "Maximum amount of disk space in MB allowed per user website by default.";
-          };
-        };
-      };
-    };
-  };
-
-  config = mkIf cfg.enable {
-    users.users.${cfg.user} = {
-      isSystemUser = true;
-      group = cfg.group;
-    };
-
-    users.groups.${cfg.group} = {
-      members = [
-        "nginx"
-        "postgres"
-      ];
-    };
-
-    systemd.tmpfiles.rules = [
-      "d /var/www 0755 root root -"
-      "d /var/www/archtika-websites 0770 ${cfg.user} ${cfg.group} -"
-    ];
-
-    systemd.services.archtika-api = {
-      description = "archtika API service";
-      wantedBy = [ "multi-user.target" ];
-      after = [
-        "network.target"
-        "postgresql.service"
-      ];
-
-      serviceConfig = baseHardenedSystemdOptions // {
-        User = cfg.user;
-        Group = cfg.group;
-        Restart = "always";
-        WorkingDirectory = "${cfg.package}/rest-api";
-
-        RestrictAddressFamilies = [
-          "AF_INET"
-          "AF_INET6"
-          "AF_UNIX"
-        ];
-      };
-
-      script = ''
-        JWT_SECRET=$(tr -dc 'A-Za-z0-9' < /dev/urandom | head -c64)
-
-        ${pkgs.postgresql_16}/bin/psql postgres://postgres@localhost:5432/${cfg.databaseName} -c "ALTER DATABASE ${cfg.databaseName} SET \"app.jwt_secret\" TO '$JWT_SECRET'"
-        ${pkgs.postgresql_16}/bin/psql postgres://postgres@localhost:5432/${cfg.databaseName} -c "ALTER DATABASE ${cfg.databaseName} SET \"app.website_max_storage_size\" TO ${toString cfg.settings.maxWebsiteStorageSize}"
-        ${pkgs.postgresql_16}/bin/psql postgres://postgres@localhost:5432/${cfg.databaseName} -c "ALTER DATABASE ${cfg.databaseName} SET \"app.website_max_number_user\" TO ${toString cfg.settings.maxUserWebsites}"
-
-        ${pkgs.dbmate}/bin/dbmate --url postgres://postgres@localhost:5432/archtika?sslmode=disable --migrations-dir ${cfg.package}/rest-api/db/migrations up
-
-        PGRST_SERVER_CORS_ALLOWED_ORIGINS="https://${cfg.domain}" PGRST_ADMIN_SERVER_PORT=${toString cfg.apiAdminPort} PGRST_SERVER_PORT=${toString cfg.apiPort} PGRST_DB_SCHEMAS="api" PGRST_DB_ANON_ROLE="anon" PGRST_OPENAPI_MODE="ignore-privileges" PGRST_DB_URI="postgres://authenticator@localhost:5432/${cfg.databaseName}" PGRST_JWT_SECRET="$JWT_SECRET" ${pkgs.postgrest}/bin/postgrest
-      '';
-    };
-
-    systemd.services.archtika-web = {
-      description = "archtika Web App service";
-      wantedBy = [ "multi-user.target" ];
-      after = [ "network.target" ];
-
-      serviceConfig = baseHardenedSystemdOptions // {
-        User = cfg.user;
-        Group = cfg.group;
-        Restart = "always";
-        WorkingDirectory = "${cfg.package}/web-app";
-
-        RestrictAddressFamilies = [
-          "AF_INET"
-          "AF_INET6"
-        ];
-      };
-
-      script = ''
-        REGISTRATION_IS_DISABLED=${toString cfg.settings.disableRegistration} BODY_SIZE_LIMIT=10M ORIGIN=https://${cfg.domain} PORT=${toString cfg.webAppPort} ${pkgs.nodejs_22}/bin/node ${cfg.package}/web-app
-      '';
-    };
-
-    services.postgresql = {
-      enable = true;
-      package = pkgs.postgresql_16;
-      ensureDatabases = [ cfg.databaseName ];
-      authentication = lib.mkForce ''
-        # IPv4 local connections:
-        host    all    all    127.0.0.1/32    trust
-        # IPv6 local connections:
-        host    all    all    ::1/128         trust
-        # Local socket connections:
-        local   all    all                    trust
-      '';
-      extraPlugins = with pkgs.postgresql16Packages; [ pgjwt ];
-    };
-
-    systemd.services.postgresql = {
-      path = with pkgs; [
-        # Tar and gzip are needed for tar.gz exports
-        gnutar
-        gzip
-      ];
-    };
-
-    services.nginx = {
-      enable = true;
-      recommendedProxySettings = true;
-      recommendedTlsSettings = true;
-      recommendedZstdSettings = true;
-      recommendedOptimisation = true;
-
-      appendHttpConfig = ''
-        limit_req_zone $binary_remote_addr zone=requestLimit:10m rate=5r/s;
-        limit_req_status 429;
-        limit_req zone=requestLimit burst=20 nodelay;
-
-        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
-        add_header X-Frame-Options "SAMEORIGIN" always;
-        add_header X-Content-Type-Options "nosniff" always;
-        add_header Referrer-Policy "strict-origin-when-cross-origin" always;
-        add_header Permissions-Policy "accelerometer=(),autoplay=(),camera=(),cross-origin-isolated=(),display-capture=(),encrypted-media=(),fullscreen=(self),geolocation=(),gyroscope=(),keyboard-map=(),magnetometer=(),microphone=(),midi=(),payment=(),picture-in-picture=(self),publickey-credentials-get=(),screen-wake-lock=(),sync-xhr=(self),usb=(),xr-spatial-tracking=(),clipboard-read=(self),clipboard-write=(self),gamepad=(),hid=(),idle-detection=(),interest-cohort=(),serial=(),unload=()" always;
-
-        map $http_cookie $auth_header {
-          default "";
-          "~*session_token=([^;]+)" "Bearer $1";
-        }
-      '';
-
-      virtualHosts = {
-        "${cfg.domain}" = {
-          useACMEHost = cfg.domain;
-          forceSSL = true;
-          locations = {
-            "/" = {
-              proxyPass = "http://localhost:${toString cfg.webAppPort}";
-            };
-            "/previews/" = {
-              alias = "/var/www/archtika-websites/previews/";
-              index = "index.html";
-              tryFiles = "$uri $uri/ $uri.html =404";
-            };
-            "/api/rpc/export_articles_zip" = {
-              proxyPass = "http://localhost:${toString cfg.apiPort}/rpc/export_articles_zip";
-              extraConfig = ''
-                default_type application/json;
-                proxy_set_header Authorization $auth_header;
-              '';
-            };
-            "/api/" = {
-              proxyPass = "http://localhost:${toString cfg.apiPort}/";
-              extraConfig = ''
-                default_type application/json;
-              '';
-            };
-            "/api/rpc/register" = mkIf cfg.settings.disableRegistration {
-              extraConfig = ''
-                deny all;
-              '';
-            };
-          };
-        };
-        "~^(?<subdomain>.+)\\.${cfg.domain}$" = {
-          useACMEHost = cfg.domain;
-          forceSSL = true;
-          locations = {
-            "/" = {
-              root = "/var/www/archtika-websites/$subdomain";
-              index = "index.html";
-              tryFiles = "$uri $uri/ $uri.html =404";
-            };
-          };
-        };
-      };
-    };
-
-    security.acme = {
-      acceptTerms = true;
-      defaults.email = cfg.acmeEmail;
-      certs."${cfg.domain}" = {
-        domain = cfg.domain;
-        extraDomainNames = [ "*.${cfg.domain}" ];
-        dnsProvider = cfg.dnsProvider;
-        environmentFile = cfg.dnsEnvironmentFile;
-        group = config.services.nginx.group;
-      };
-    };
-  };
-}

nix/package.nix

@@ -7,14 +7,10 @@
 }:
 
 let
-  pname = "archtika";
-  version = "1.0.0";
-
   web = buildNpmPackage {
     name = "web-app";
     src = ../web-app;
-    npmDeps = importNpmLock { npmRoot = ../web-app; };
+    npmDepsHash = "sha256-ab7MJ5vl6XNaAHTyzRxj/Zpk1nEKQLzGmPGJdDrdemg=";
-    npmConfigHook = importNpmLock.npmConfigHook;
     npmFlags = [ "--legacy-peer-deps" ];
     installPhase = ''
       mkdir -p $out/web-app
@@ -35,17 +31,11 @@ let
   };
 in
 symlinkJoin {
-  name = pname;
+  name = "archtika";
+  pname = "archtika";
+
   paths = [
     web
     api
   ];
-
-  meta = with lib; {
-    description = "A modern, performant and lightweight CMS";
-    homepage = "https://archtika.com";
-    license = licenses.mit;
-    maintainers = with maintainers; [ thiloho ];
-    platforms = platforms.unix;
-  };
 }

rest-api/db/migrations/20240719071602_main_tables.sql

@@ -157,41 +157,3 @@ CREATE TABLE internal.collab (
 );
 
 -- migrate:down
-DROP TABLE internal.collab;
-
-DROP TABLE internal.footer;
-
-DROP TABLE internal.article;
-
-DROP TABLE internal.docs_category;
-
-DROP TABLE internal.home;
-
-DROP TABLE internal.header;
-
-DROP TABLE internal.settings;
-
-DROP TABLE internal.media;
-
-DROP TABLE internal.website;
-
-DROP TABLE internal.user;
-
-DROP SCHEMA api;
-
-DROP FUNCTION internal.generate_slug;
-
-DROP SCHEMA internal;
-
-DROP ROLE anon;
-
-DROP ROLE authenticated_user;
-
-DROP ROLE administrator;
-
-DROP ROLE authenticator;
-
-ALTER DEFAULT PRIVILEGES GRANT EXECUTE ON FUNCTIONS TO PUBLIC;
-
-DROP EXTENSION unaccent;
-

rest-api/db/migrations/20240720073454_automatic_schema_cache_reloading.sql

@@ -13,7 +13,3 @@ CREATE EVENT TRIGGER pgrst_watch ON ddl_command_end
   EXECUTE FUNCTION internal.pgrst_watch ();
 
 -- migrate:down
-DROP EVENT TRIGGER pgrst_watch;
-
-DROP FUNCTION internal.pgrst_watch;
-

rest-api/db/migrations/20240720074103_user_management_roles_jwt.sql

@@ -170,23 +170,3 @@ GRANT EXECUTE ON FUNCTION api.login TO anon;
 GRANT EXECUTE ON FUNCTION api.delete_account TO authenticated_user;
 
 -- migrate:down
-DROP TRIGGER encrypt_pass ON internal.user;
-
-DROP TRIGGER ensure_user_role_exists ON internal.user;
-
-DROP FUNCTION api.register;
-
-DROP FUNCTION api.login;
-
-DROP FUNCTION api.delete_account;
-
-DROP FUNCTION internal.user_role;
-
-DROP FUNCTION internal.encrypt_pass;
-
-DROP FUNCTION internal.check_role_exists;
-
-DROP EXTENSION pgjwt;
-
-DROP EXTENSION pgcrypto;
-

rest-api/db/migrations/20240720132802_exposed_views_functions.sql

@@ -163,25 +163,3 @@ GRANT SELECT, INSERT (website_id, user_id, permission_level), UPDATE (permission
 GRANT SELECT, INSERT, UPDATE, DELETE ON api.collab TO authenticated_user;
 
 -- migrate:down
-DROP FUNCTION api.create_website;
-
-DROP VIEW api.collab;
-
-DROP VIEW api.footer;
-
-DROP VIEW api.home;
-
-DROP VIEW api.docs_category;
-
-DROP VIEW api.article;
-
-DROP VIEW api.header;
-
-DROP VIEW api.settings;
-
-DROP VIEW api.website;
-
-DROP VIEW api.user;
-
-DROP VIEW api.account;
-

rest-api/db/migrations/20240724191017_row_level_security.sql

@@ -170,77 +170,3 @@ CREATE POLICY delete_collaborations ON internal.collab
     USING (internal.user_has_website_access (website_id, 30, collaborator_permission_level => permission_level, collaborator_user_id => user_id));
 
 -- migrate:down
-DROP POLICY view_user ON internal.user;
-
-DROP POLICY update_user ON internal.user;
-
-DROP POLICY delete_user ON internal.user;
-
-DROP POLICY view_websites ON internal.website;
-
-DROP POLICY delete_website ON internal.website;
-
-DROP POLICY update_website ON internal.website;
-
-DROP POLICY view_settings ON internal.settings;
-
-DROP POLICY update_settings ON internal.settings;
-
-DROP POLICY view_header ON internal.header;
-
-DROP POLICY update_header ON internal.header;
-
-DROP POLICY view_home ON internal.home;
-
-DROP POLICY update_home ON internal.home;
-
-DROP POLICY view_articles ON internal.article;
-
-DROP POLICY update_article ON internal.article;
-
-DROP POLICY delete_article ON internal.article;
-
-DROP POLICY insert_article ON internal.article;
-
-DROP POLICY view_categories ON internal.docs_category;
-
-DROP POLICY update_category ON internal.docs_category;
-
-DROP POLICY delete_category ON internal.docs_category;
-
-DROP POLICY insert_category ON internal.docs_category;
-
-DROP POLICY view_footer ON internal.footer;
-
-DROP POLICY update_footer ON internal.footer;
-
-DROP POLICY view_collaborations ON internal.collab;
-
-DROP POLICY insert_collaborations ON internal.collab;
-
-DROP POLICY update_collaborations ON internal.collab;
-
-DROP POLICY delete_collaborations ON internal.collab;
-
-DROP FUNCTION internal.user_has_website_access;
-
-ALTER TABLE internal.user DISABLE ROW LEVEL SECURITY;
-
-ALTER TABLE internal.website DISABLE ROW LEVEL SECURITY;
-
-ALTER TABLE internal.media DISABLE ROW LEVEL SECURITY;
-
-ALTER TABLE internal.settings DISABLE ROW LEVEL SECURITY;
-
-ALTER TABLE internal.header DISABLE ROW LEVEL SECURITY;
-
-ALTER TABLE internal.home DISABLE ROW LEVEL SECURITY;
-
-ALTER TABLE internal.article DISABLE ROW LEVEL SECURITY;
-
-ALTER TABLE internal.docs_category DISABLE ROW LEVEL SECURITY;
-
-ALTER TABLE internal.footer DISABLE ROW LEVEL SECURITY;
-
-ALTER TABLE internal.collab DISABLE ROW LEVEL SECURITY;
-

rest-api/db/migrations/20240805132306_last_modified_triggers.sql

@@ -74,21 +74,3 @@ CREATE TRIGGER update_collab_last_modified
   EXECUTE FUNCTION internal.update_last_modified ();
 
 -- migrate:down
-DROP TRIGGER update_website_last_modified ON internal.website;
-
-DROP TRIGGER update_settings_last_modified ON internal.settings;
-
-DROP TRIGGER update_header_last_modified ON internal.header;
-
-DROP TRIGGER update_home_last_modified ON internal.home;
-
-DROP TRIGGER update_article_last_modified ON internal.article;
-
-DROP TRIGGER update_docs_category_modified ON internal.docs_category;
-
-DROP TRIGGER update_footer_last_modified ON internal.footer;
-
-DROP TRIGGER update_collab_last_modified ON internal.collab;
-
-DROP FUNCTION internal.update_last_modified;
-

rest-api/db/migrations/20240808141708_collaborator_not_owner.sql

@@ -24,7 +24,3 @@ CREATE CONSTRAINT TRIGGER check_user_not_website_owner
   EXECUTE FUNCTION internal.check_user_not_website_owner ();
 
 -- migrate:down
-DROP TRIGGER check_user_not_website_owner ON internal.collab;
-
-DROP FUNCTION internal.check_user_not_website_owner;
-

rest-api/db/migrations/20240810115846_image_upload_function.sql

@@ -95,9 +95,3 @@ GRANT EXECUTE ON FUNCTION api.retrieve_file TO anon;
 GRANT EXECUTE ON FUNCTION api.retrieve_file TO authenticated_user;
 
 -- migrate:down
-DROP FUNCTION api.upload_file;
-
-DROP FUNCTION api.retrieve_file;
-
-DROP DOMAIN "*/*";
-

rest-api/db/migrations/20240911070907_change_log.sql

@@ -133,29 +133,3 @@ CREATE TRIGGER track_changes_collab
   EXECUTE FUNCTION internal.track_changes ();
 
 -- migrate:down
-DROP TRIGGER track_changes_website ON internal.website;
-
-DROP TRIGGER track_changes_media ON internal.media;
-
-DROP TRIGGER track_changes_settings ON internal.settings;
-
-DROP TRIGGER track_changes_header ON internal.header;
-
-DROP TRIGGER track_changes_home ON internal.home;
-
-DROP TRIGGER track_changes_article ON internal.article;
-
-DROP TRIGGER track_changes_docs_category ON internal.docs_category;
-
-DROP TRIGGER track_changes_footer ON internal.footer;
-
-DROP TRIGGER track_changes_collab ON internal.collab;
-
-DROP FUNCTION internal.track_changes;
-
-DROP VIEW api.change_log;
-
-DROP TABLE internal.change_log;
-
-DROP EXTENSION hstore;
-

rest-api/db/migrations/20241006165029_administrator.sql

@@ -141,29 +141,3 @@ GRANT UPDATE, DELETE ON internal.user TO administrator;
 GRANT UPDATE, DELETE ON api.user TO administrator;
 
 -- migrate:down
-DROP FUNCTION api.user_websites_storage_size;
-
-DROP TRIGGER _prevent_storage_excess_article ON internal.article;
-
-DROP TRIGGER _prevent_storage_excess_collab ON internal.collab;
-
-DROP TRIGGER _prevent_storage_excess_docs_category ON internal.docs_category;
-
-DROP TRIGGER _prevent_storage_excess_footer ON internal.footer;
-
-DROP TRIGGER _prevent_storage_excess_header ON internal.header;
-
-DROP TRIGGER _prevent_storage_excess_home ON internal.home;
-
-DROP TRIGGER _prevent_storage_excess_media ON internal.media;
-
-DROP TRIGGER _prevent_storage_excess_settings ON internal.settings;
-
-DROP FUNCTION internal.prevent_website_storage_size_excess;
-
-REVOKE UPDATE (max_storage_size) ON internal.website FROM administrator;
-
-REVOKE UPDATE, DELETE ON internal.user FROM administrator;
-
-REVOKE UPDATE, DELETE ON api.user FROM administrator;
-

rest-api/db/migrations/20241011092744_filesystem_triggers.sql

@@ -56,9 +56,3 @@ CREATE TRIGGER _cleanup_filesystem_article
   EXECUTE FUNCTION internal.cleanup_filesystem ();
 
 -- migrate:down
-DROP TRIGGER _cleanup_filesystem_website ON internal.website;
-
-DROP TRIGGER _cleanup_filesystem_article ON internal.article;
-
-DROP FUNCTION internal.cleanup_filesystem;
-

rest-api/db/migrations/20241029160539_export_articles.sql

@@ -39,5 +39,3 @@ SECURITY DEFINER;
 GRANT EXECUTE ON FUNCTION api.export_articles_zip TO authenticated_user;
 
 -- migrate:down
-DROP FUNCTION api.export_articles_zip;
-

rest-api/db/migrations/20241206191942_username_blocklist.sql

@@ -3,6 +3,3 @@ ALTER TABLE internal.user
   ADD CONSTRAINT username_not_blocked CHECK (LOWER(username) NOT IN ('admin', 'administrator', 'api', 'auth', 'blog', 'cdn', 'docs', 'help', 'login', 'logout', 'profile', 'register', 'settings', 'setup', 'signin', 'signup', 'support', 'test', 'www'));
 
 -- migrate:down
-ALTER TABLE internal.user
-  DROP CONSTRAINT username_not_blocked;
-

rest-api/db/migrations/20250323134405_username_blocklist.sql

@@ -0,0 +1,8 @@
+-- migrate:up
+ALTER TABLE internal.user
+  DROP CONSTRAINT username_not_blocked;
+
+ALTER TABLE internal.user
+  ADD CONSTRAINT username_not_blocked CHECK (LOWER(username) NOT IN ('admin', 'administrator', 'api', 'auth', 'blog', 'cdn', 'docs', 'help', 'login', 'logout', 'profile', 'preview', 'previews', 'register', 'settings', 'setup', 'signin', 'signup', 'support', 'test', 'www'));
+
+-- migrate:down

rest-api/db/migrations/20250410150518_filesystem_triggers.sql

@@ -0,0 +1,88 @@
+-- migrate:up
+DROP TRIGGER _cleanup_filesystem_website ON internal.website;
+
+DROP TRIGGER _cleanup_filesystem_article ON internal.article;
+
+DROP FUNCTION internal.cleanup_filesystem;
+
+CREATE FUNCTION internal.cleanup_filesystem ()
+  RETURNS TRIGGER
+  AS $$
+DECLARE
+  _website_id UUID;
+  _website_user_id UUID;
+  _website_slug TEXT;
+  _username TEXT;
+  _base_path CONSTANT TEXT := '/var/www/archtika-websites';
+  _preview_path TEXT;
+  _prod_path TEXT;
+  _article_slug TEXT;
+BEGIN
+  IF TG_TABLE_NAME = 'website' THEN
+    _website_id := OLD.id;
+    _website_user_id = OLD.user_id;
+    _website_slug := OLD.slug;
+  ELSE
+    _website_id := OLD.website_id;
+  END IF;
+  SELECT
+    u.username INTO _username
+  FROM
+    internal.user AS u
+  WHERE
+    u.id = _website_user_id;
+  _preview_path := _base_path || '/previews/' || _website_id;
+  IF TG_TABLE_NAME = 'website' THEN
+    EXECUTE FORMAT('COPY (SELECT 1) TO PROGRAM ''rm -rf %s''', _preview_path);
+    IF _username IS NOT NULL THEN
+      _prod_path := _base_path || '/' || _username || '/' || _website_slug;
+      EXECUTE FORMAT('COPY (SELECT 1) TO PROGRAM ''rm -rf %s''', _prod_path);
+    END IF;
+  ELSIF TG_TABLE_NAME = 'article' THEN
+    SELECT
+      a.slug INTO _article_slug
+    FROM
+      internal.article AS a
+    WHERE
+      a.id = OLD.id;
+    EXECUTE FORMAT('COPY (SELECT 1) TO PROGRAM ''rm -f %s/articles/%s.html''', _preview_path, _article_slug);
+  END IF;
+  RETURN COALESCE(NEW, OLD);
+END;
+$$
+LANGUAGE plpgsql
+SECURITY DEFINER;
+
+CREATE FUNCTION internal.cleanup_user_directory ()
+  RETURNS TRIGGER
+  AS $$
+DECLARE
+  _username TEXT;
+  _base_path CONSTANT TEXT := '/var/www/archtika-websites';
+  _user_path TEXT;
+BEGIN
+  _username := OLD.username;
+  _user_path := _base_path || '/' || _username;
+  EXECUTE FORMAT('COPY (SELECT 1) TO PROGRAM ''rm -rf %s''', _user_path);
+  RETURN OLD;
+END;
+$$
+LANGUAGE plpgsql
+SECURITY DEFINER;
+
+CREATE TRIGGER _cleanup_filesystem_website
+  BEFORE UPDATE OF title OR DELETE ON internal.website
+  FOR EACH ROW
+  EXECUTE FUNCTION internal.cleanup_filesystem ();
+
+CREATE TRIGGER _cleanup_filesystem_article
+  BEFORE UPDATE OF title OR DELETE ON internal.article
+  FOR EACH ROW
+  EXECUTE FUNCTION internal.cleanup_filesystem ();
+
+CREATE TRIGGER _cleanup_user_directory
+  BEFORE DELETE ON internal.user
+  FOR EACH ROW
+  EXECUTE FUNCTION internal.cleanup_user_directory ();
+
+-- migrate:down

web-app/package.json

@@ -11,38 +11,38 @@
     "check:watch": "svelte-kit sync && svelte-check --tsconfig ./tsconfig.json --watch",
     "lint": "prettier --check . && eslint .",
     "format": "prettier --write .",
-    "gents": "pg-to-ts generate -c postgres://postgres@localhost:15432/archtika -o src/lib/db-schema.ts -s internal --datesAsStrings"
+    "gents": "pg-to-ts generate -c postgres://postgres@127.0.0.1:15432/archtika -o src/lib/db-schema.ts -s internal --datesAsStrings"
   },
   "devDependencies": {
-    "@playwright/test": "1.47.0",
+    "@playwright/test": "1.50.1",
-    "@sveltejs/adapter-auto": "3.2.5",
+    "@sveltejs/adapter-auto": "5.0.0",
-    "@sveltejs/adapter-node": "5.2.3",
+    "@sveltejs/adapter-node": "5.2.12",
-    "@sveltejs/kit": "2.5.28",
+    "@sveltejs/kit": "2.20.2",
-    "@sveltejs/vite-plugin-svelte": "4.0.0-next.6",
+    "@sveltejs/vite-plugin-svelte": "5.0.3",
-    "@types/diff-match-patch": "1.0.36",
+    "@types/diff": "7.0.2",
     "@types/eslint": "9.6.1",
-    "@types/eslint__js": "8.42.3",
+    "@types/eslint__js": "9.14.0",
     "@types/eslint-config-prettier": "6.11.3",
-    "@types/node": "22.5.5",
+    "@types/node": "22.13.11",
-    "eslint": "9.15.0",
+    "eslint": "9.23.0",
-    "eslint-config-prettier": "9.1.0",
+    "eslint-config-prettier": "10.1.1",
-    "eslint-plugin-svelte": "2.44.0",
+    "eslint-plugin-svelte": "3.3.3",
-    "globals": "15.9.0",
+    "globals": "16.0.0",
     "pg-to-ts": "4.1.1",
-    "prettier": "3.3.3",
+    "prettier": "3.5.3",
-    "prettier-plugin-svelte": "3.2.6",
+    "prettier-plugin-svelte": "3.3.3",
-    "svelte": "5.0.0-next.253",
+    "svelte": "5.25.3",
-    "svelte-check": "4.0.2",
+    "svelte-check": "4.1.5",
-    "typescript": "5.6.2",
+    "typescript": "5.8.2",
-    "typescript-eslint": "8.6.0",
+    "typescript-eslint": "8.27.0",
-    "vite": "5.4.6"
+    "vite": "6.2.5"
   },
   "dependencies": {
-    "diff-match-patch": "1.0.5",
+    "diff": "7.0.0",
-    "highlight.js": "11.10.0",
+    "highlight.js": "11.11.1",
-    "isomorphic-dompurify": "2.15.0",
+    "isomorphic-dompurify": "2.22.0",
-    "marked": "14.1.2",
+    "marked": "15.0.7",
-    "marked-highlight": "2.1.4"
+    "marked-highlight": "2.2.1"
   },
   "overrides": {
     "cookie": "0.7.0"

web-app/src/lib/components/Pagination.svelte

@@ -8,7 +8,7 @@
 
 <div class="pagination">
   {#snippet commonFilterInputs()}
-    {#each commonFilters as filter}
+    {#each commonFilters as filter (filter)}
       <input type="hidden" name={filter} value={$page.url.searchParams.get(filter)} />
     {/each}
   {/snippet}

web-app/src/lib/components/WebsiteEditor.svelte

@@ -3,6 +3,7 @@
   import { md } from "$lib/utils";
   import { page } from "$app/stores";
   import { previewContent, textareaScrollTop } from "$lib/runes.svelte";
+  import { browser } from "$app/environment";
 
   const {
     id,
@@ -38,7 +39,7 @@
 
   <nav class="operations__nav">
     <ul class="unpadded">
-      {#each tabs.filter((tab) => (tab !== "categories" && contentType === "Blog") || contentType === "Docs") as tab}
+      {#each tabs.filter((tab) => (tab !== "categories" && contentType === "Blog") || contentType === "Docs") as tab (tab)}
         <li>
           <a
             href="/website/{id}{tab === 'settings' ? '' : `/${tab}`}"
@@ -57,14 +58,14 @@
 
 <div class="preview" bind:this={previewElement}>
   {#if fullPreview}
-    {#if !iframeLoaded}
+    {#if !iframeLoaded && browser}
       <p>Loading preview...</p>
     {/if}
     <iframe
       src={previewContent.value}
       title="Preview"
       onload={() => (iframeLoaded = true)}
-      style:display={iframeLoaded ? "block" : "none"}
+      style:display={!browser || iframeLoaded ? "block" : "none"}
     ></iframe>
   {:else}
     {@html md(
@@ -131,6 +132,9 @@
 
     .operations {
       padding-block-start: var(--space-s);
+      resize: horizontal;
+      min-inline-size: 100%;
+      max-inline-size: calc(1536px - 320px);
     }
 
     .preview {

web-app/src/lib/db-schema.ts

@@ -5,7 +5,7 @@
  * AUTO-GENERATED FILE - DO NOT EDIT!
  *
  * This file was automatically generated by pg-to-ts v.4.1.1
- * $ pg-to-ts generate -c postgres://username:password@localhost:15432/archtika -t article -t change_log -t collab -t docs_category -t footer -t header -t home -t media -t settings -t user -t website -s internal
+ * $ pg-to-ts generate -c postgres://username:password@127.0.0.1:15432/archtika -t article -t change_log -t collab -t docs_category -t footer -t header -t home -t media -t settings -t user -t website -s internal
  *
  */
 

web-app/src/lib/server/utils.ts

@@ -1,8 +1,8 @@
 import { dev } from "$app/environment";
 
 export const API_BASE_PREFIX = dev
-  ? "http://localhost:3000"
+  ? "http://127.0.0.1:3000"
-  : `${process.env.ORIGIN ? `${process.env.ORIGIN}/api` : "http://localhost:3000"}`;
+  : `${process.env.ORIGIN ? `${process.env.ORIGIN}/api` : "http://127.0.0.1:3000"}`;
 
 export const REGISTRATION_IS_DISABLED = dev
   ? false
@@ -16,6 +16,7 @@ export const apiRequest = async (
   method: "HEAD" | "GET" | "POST" | "PATCH" | "DELETE",
   options: {
     headers?: Record<string, string>;
+    // eslint-disable-next-line @typescript-eslint/no-explicit-any
     body?: any;
     successMessage?: string;
     returnData?: boolean;

web-app/src/lib/templates/Index.svelte

@@ -54,18 +54,18 @@
         </h2>
 
         <ul class="unpadded">
-          {#each sortedArticles as article}
+          {#each sortedArticles as { id, publication_date, slug, title, meta_description } (id)}
             <li>
-              {#if article.publication_date}
+              {#if publication_date}
-                <p>{article.publication_date}</p>
+                <p>{publication_date}</p>
               {/if}
               <p>
                 <strong>
-                  <a href="./articles/{article.slug}">{article.title}</a>
+                  <a href="./articles/{slug}">{title}</a>
                 </strong>
               </p>
-              {#if article.meta_description}
+              {#if meta_description}
-                <p>{article.meta_description}</p>
+                <p>{meta_description}</p>
               {/if}
             </li>
           {/each}

web-app/src/lib/templates/Nav.svelte

@@ -55,11 +55,11 @@
 
       <section id="docs-navigation" class="docs-navigation">
         <ul>
-          {#each Object.keys(categorizedArticles) as key}
+          {#each Object.keys(categorizedArticles) as key (key)}
             <li>
               <strong>{key}</strong>
               <ul>
-                {#each categorizedArticles[key] as { title, slug }}
+                {#each categorizedArticles[key] as { title, slug } (slug)}
                   <li>
                     <a href="{isIndexPage ? './articles' : '.'}/{slug}">{title}</a>
                   </li>
@@ -75,9 +75,8 @@
         <strong>{websiteOverview.header.logo_text}</strong>
       {:else}
         <img
+          class="top-nav-logo"
           src="{apiUrl}/rpc/retrieve_file?id={websiteOverview.header.logo_image}"
-          width="32"
-          height="32"
           alt=""
         />
       {/if}

web-app/src/lib/utils.ts

@@ -1,5 +1,5 @@
-import { Marked } from "marked";
+import { Marked, Renderer } from "marked";
-import type { Renderer, Token } from "marked";
+import type { Token } from "marked";
 import { markedHighlight } from "marked-highlight";
 import hljs from "highlight.js";
 import DOMPurify from "isomorphic-dompurify";
@@ -40,6 +40,7 @@ const slugify = (string: string) => {
 
 const createMarkdownParser = (showToc = true) => {
   const marked = new Marked();
+  const renderer = new Renderer();
 
   marked.use({
     async: false,
@@ -58,6 +59,14 @@ const createMarkdownParser = (showToc = true) => {
     })
   );
 
+  marked.use({
+    renderer: {
+      table(...args) {
+        return `<div class="scroll-container">${renderer.table.apply(this, args)}</div>`;
+      }
+    }
+  });
+
   const gfmHeadingId = ({ prefix = "", showToc = true } = {}) => {
     const headings: { text: string; level: number; id: string }[] = [];
     const sectionStack: { level: number; id: string }[] = [];

web-app/src/routes/(authenticated)/account/+page.svelte

@@ -39,7 +39,7 @@
       <a href="#storage">Storage</a>
     </h2>
     <ul class="unpadded storage-grid">
-      {#each data.storageSizes.data as { website_title, storage_size_bytes, max_storage_bytes, max_storage_pretty, diff_storage_pretty }}
+      {#each data.storageSizes.data as { website_id, website_title, storage_size_bytes, max_storage_bytes, max_storage_pretty, diff_storage_pretty } (website_id)}
         <li>
           <strong>{website_title}</strong>
           <label>

web-app/src/routes/(authenticated)/website/[websiteId]/+page.server.ts

@@ -72,6 +72,19 @@ export const actions: Actions = {
       }
     );
   },
+  removeFavicon: async ({ fetch, params }) => {
+    return await apiRequest(
+      fetch,
+      `${API_BASE_PREFIX}/settings?website_id=eq.${params.websiteId}`,
+      "PATCH",
+      {
+        body: {
+          favicon_image: null
+        },
+        successMessage: "Successfully removed favicon"
+      }
+    );
+  },
   updateHeader: async ({ request, fetch, params }) => {
     const data = await request.formData();
     const logoImage = data.get("logo-image") as File;
@@ -110,6 +123,19 @@ export const actions: Actions = {
       }
     );
   },
+  removeLogoImage: async ({ fetch, params }) => {
+    return await apiRequest(
+      fetch,
+      `${API_BASE_PREFIX}/header?website_id=eq.${params.websiteId}`,
+      "PATCH",
+      {
+        body: {
+          logo_image: null
+        },
+        successMessage: "Successfully removed logo image"
+      }
+    );
+  },
   updateHome: async ({ request, fetch, params }) => {
     const data = await request.formData();
 

web-app/src/routes/(authenticated)/website/[websiteId]/+page.svelte

@@ -91,6 +91,13 @@
               src={`${data.API_BASE_PREFIX}/rpc/retrieve_file?id=${data.globalSettings.favicon_image}`}
               alt=""
             />
+            <form
+              method="POST"
+              action="?/removeFavicon"
+              use:enhance={enhanceForm({ reset: false, closeModal: true })}
+            >
+              <button type="submit">Remove</button>
+            </form>
           </Modal>
         {/if}
       </div>
@@ -129,7 +136,7 @@
       </label>
       <div class="file-field">
         <label>
-          Logo image:
+          Logo image (height should be &lt;= 32px):
           <input type="file" name="logo-image" accept={ALLOWED_MIME_TYPES.join(", ")} />
         </label>
         {#if data.header.logo_image}
@@ -138,6 +145,13 @@
               src={`${data.API_BASE_PREFIX}/rpc/retrieve_file?id=${data.header.logo_image}`}
               alt=""
             />
+            <form
+              method="POST"
+              action="?/removeLogoImage"
+              use:enhance={enhanceForm({ reset: false, closeModal: true })}
+            >
+              <button type="submit">Remove</button>
+            </form>
           </Modal>
         {/if}
       </div>

web-app/src/routes/(authenticated)/website/[websiteId]/articles/[articleId]/+page.server.ts

@@ -72,6 +72,19 @@ export const actions: Actions = {
       }
     );
   },
+  removeCoverImage: async ({ fetch, params }) => {
+    return await apiRequest(
+      fetch,
+      `${API_BASE_PREFIX}/article?id=eq.${params.articleId}`,
+      "PATCH",
+      {
+        body: {
+          cover_image: null
+        },
+        successMessage: "Successfully removed cover image"
+      }
+    );
+  },
   pasteImage: async ({ request, fetch, params }) => {
     const data = await request.formData();
     const file = data.get("file") as File;

web-app/src/routes/(authenticated)/website/[websiteId]/articles/[articleId]/+page.svelte

@@ -48,7 +48,7 @@
           <label>
             Category:
             <select name="category">
-              {#each data.categories as { id, category_name }}
+              {#each data.categories as { id, category_name } (id)}
                 <option value={id} selected={id === data.article.category}>{category_name}</option>
               {/each}
             </select>
@@ -107,6 +107,13 @@
                 src={`${data.API_BASE_PREFIX}/rpc/retrieve_file?id=${data.article.cover_image}`}
                 alt=""
               />
+              <form
+                method="POST"
+                action="?/removeCoverImage"
+                use:enhance={enhanceForm({ reset: false, closeModal: true })}
+              >
+                <button type="submit">Remove</button>
+              </form>
             </Modal>
           {/if}
         </div>

web-app/src/routes/(authenticated)/website/[websiteId]/logs/+page.server.ts

@@ -1,8 +1,8 @@
 import type { PageServerLoad, Actions } from "./$types";
 import { API_BASE_PREFIX, apiRequest } from "$lib/server/utils";
 import type { ChangeLog, User, Collab } from "$lib/db-schema";
-import DiffMatchPatch from "diff-match-patch";
 import { PAGINATION_MAX_ITEMS } from "$lib/utils";
+import * as Diff from "diff";
 
 export const load: PageServerLoad = async ({ parent, fetch, params, url }) => {
   const userFilter = url.searchParams.get("user");
@@ -76,21 +76,19 @@ export const actions: Actions = {
   computeDiff: async ({ request, fetch }) => {
     const data = await request.formData();
 
-    const dmp = new DiffMatchPatch();
-
     const htmlDiff = (oldValue: string, newValue: string) => {
-      const diff = dmp.diff_main(oldValue, newValue);
+      const diff = Diff.diffWordsWithSpace(oldValue, newValue);
-      dmp.diff_cleanupSemantic(diff);
 
       return diff
-        .map(([op, text]) => {
+        .map((part) => {
-          switch (op) {
+          const escapedText = part.value.replace(/</g, "&lt;").replace(/>/g, "&gt;");
-            case 1:
+
-              return `<ins>${text}</ins>`;
+          if (part.added) {
-            case -1:
+            return `<ins>${escapedText}</ins>`;
-              return `<del>${text}</del>`;
+          } else if (part.removed) {
-            default:
+            return `<del>${escapedText}</del>`;
-              return text;
+          } else {
+            return escapedText;
           }
         })
         .join("");
@@ -111,8 +109,12 @@ export const actions: Actions = {
     return {
       logId: data.get("id"),
       currentDiff: htmlDiff(
-        JSON.stringify(log.old_value, null, 2),
+        JSON.stringify(log.old_value, null, 2)
+          .replace(/\\r\\n|\\n|\\r/g, "\n")
+          .replace(/\\\"/g, '"'),
         JSON.stringify(log.new_value, null, 2)
+          .replace(/\\r\\n|\\n|\\r/g, "\n")
+          .replace(/\\\"/g, '"')
       )
     };
   }

web-app/src/routes/(authenticated)/website/[websiteId]/logs/+page.svelte

@@ -63,7 +63,7 @@
           />
           <datalist id="users-{data.website.id}">
             <option value={data.website.user.username}></option>
-            {#each data.collaborators as { user: { username } }}
+            {#each data.collaborators as { user: { username } } (username)}
               <option value={username}></option>
             {/each}
           </datalist>
@@ -72,7 +72,7 @@
           Resource:
           <select name="resource">
             <option value="all">Show all</option>
-            {#each Object.keys(resources) as resource}
+            {#each Object.keys(resources) as resource (resource)}
               <option
                 value={resource}
                 selected={resource === $page.url.searchParams.get("resource")}>{resource}</option
@@ -141,20 +141,18 @@
                       <button type="submit">Compute diff</button>
                     </form>
                     {#if form?.logId === id && form?.currentDiff}
-                      <pre>{@html DOMPurify.sanitize(form.currentDiff, {
+                      <pre>{@html form.currentDiff}</pre>
-                          ALLOWED_TAGS: ["ins", "del"]
-                        })}</pre>
                     {/if}
                   {/if}
 
                   {#if new_value && !old_value}
                     <h4>New value</h4>
-                    <pre>{DOMPurify.sanitize(newValue)}</pre>
+                    <pre>{newValue.replace(/\\\"/g, '"').replace(/\\r\\n|\\n|\\r/g, "\n")}</pre>
                   {/if}
 
                   {#if old_value && !new_value}
                     <h4>Old value</h4>
-                    <pre>{DOMPurify.sanitize(oldValue)}</pre>
+                    <pre>{oldValue.replace(/\\\"/g, '"').replace(/\\r\\n|\\n|\\r/g, "\n")}</pre>
                   {/if}
                 </Modal>
               </td>

web-app/src/routes/(authenticated)/website/[websiteId]/publish/+page.server.ts

@@ -98,17 +98,17 @@ const generateStaticFiles = async (
 ) => {
   const websitePreviewUrl = `${
     dev
-      ? "http://localhost:18000"
+      ? "http://127.0.0.1:18000"
       : process.env.ORIGIN
         ? process.env.ORIGIN
-        : "http://localhost:18000"
+        : "http://127.0.0.1:18000"
   }/previews/${websiteData.id}/`;
 
   const websiteProdUrl = dev
-    ? `http://localhost:18000/${websiteData.user.username}/${websiteData.slug}`
+    ? `http://127.0.0.1:18000/${websiteData.user.username}/${websiteData.slug}`
     : process.env.ORIGIN
       ? `${process.env.ORIGIN.replace("//", `//${websiteData.user.username}.`)}/${websiteData.slug}`
-      : `http://localhost:18000/${websiteData.user.username}/${websiteData.slug}`;
+      : `http://127.0.0.1:18000/${websiteData.user.username}/${websiteData.slug}`;
 
   const fileContents = (head: string, body: string) => {
     return `

web-app/src/routes/+layout.svelte

@@ -38,7 +38,7 @@
   <title>archtika | {routeName.replaceAll("/", " - ")}</title>
   <meta
     name="description"
-    content="FLOSS, modern, performant and lightweight CMS (Content Mangement System) with predefined templates"
+    content="FLOSS, modern, performant, lightweight and self-hosted CMS in the form of a web application"
   />
 </svelte:head>
 

web-app/template-styles/blog-styles.css

@@ -4,6 +4,7 @@
 }
 
 nav {
+  z-index: 10;
   position: sticky;
   block-size: var(--space-xl);
   display: flex;
@@ -32,7 +33,6 @@ header img {
   object-position: center;
 }
 
-nav,
 header,
 main {
   padding-block: var(--space-s);

web-app/template-styles/docs-styles.css

@@ -4,6 +4,7 @@
 }
 
 nav {
+  z-index: 10;
   position: sticky;
   block-size: var(--space-xl);
   display: flex;
@@ -25,7 +26,6 @@ header > .container {
   gap: var(--space-s);
 }
 
-nav,
 header,
 main {
   padding-block: var(--space-s);

web-app/tests/settings.spec.ts

@@ -50,9 +50,9 @@ test.describe("Website owner", () => {
     await page.getByLabel("Logo text:").click();
     await page.getByLabel("Logo text:").press("ControlOrMeta+a");
     await page.getByLabel("Logo text:").fill("Logo text");
-    await page.getByLabel("Logo image:").click();
+    await page.getByLabel(/Logo image/).click();
     await page
-      .getByLabel("Logo image")
+      .getByLabel(/Logo image/)
       .setInputFiles(join(__dirname, "sample-files", "archtika-logo-512x512.png"));
     await page.getByRole("button", { name: "Update header" }).click();
     await expect(page.getByText("Successfully updated header")).toBeVisible();
@@ -122,9 +122,9 @@ for (const permissionLevel of permissionLevels) {
       await page.getByLabel("Logo text:").click();
       await page.getByLabel("Logo text:").press("ControlOrMeta+a");
       await page.getByLabel("Logo text:").fill("Logo text");
-      await page.getByLabel("Logo image:").click();
+      await page.getByLabel(/Logo image/).click();
       await page
-        .getByLabel("Logo image")
+        .getByLabel(/Logo image/)
         .setInputFiles(join(__dirname, "sample-files", "archtika-logo-512x512.png"));
       await page
         .getByRole("button", { name: "Update header" })

website/CNAME

@@ -0,0 +1 @@
+archtika.com

website/archtika-logo-512x512.svg

@@ -0,0 +1,69 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   width="512"
+   height="512"
+   viewBox="0 0 512 512"
+   version="1.1"
+   id="svg1"
+   xmlns="http://www.w3.org/2000/svg"
+   xmlns:svg="http://www.w3.org/2000/svg">
+  <defs
+     id="defs1">
+    <clipPath
+       clipPathUnits="userSpaceOnUse"
+       id="clipPath81">
+      <path
+         style="display:inline;fill:#808080;fill-opacity:1"
+         id="path81"
+         d="M 238.4745,221.60155 47.127052,272.87295 98.398447,81.525498 Z"
+         transform="matrix(1.8723891,0.38003672,-0.50170515,1.4183164,28.692837,-108.9927)" />
+    </clipPath>
+    <clipPath
+       clipPathUnits="userSpaceOnUse"
+       id="clipPath82">
+      <path
+         style="display:inline;fill:#808080;fill-opacity:1"
+         id="path82"
+         d="M 238.4745,221.60155 47.127052,272.87295 98.398447,81.525498 Z"
+         transform="rotate(180,159.89124,183.45477)" />
+    </clipPath>
+    <clipPath
+       clipPathUnits="userSpaceOnUse"
+       id="clipPath83">
+      <path
+         style="display:inline;fill:#808080;fill-opacity:1"
+         id="path83"
+         d="M 238.4745,221.60155 47.127052,272.87295 98.398447,81.525498 Z"
+         transform="rotate(180,96.108761,200.54523)" />
+    </clipPath>
+  </defs>
+  <g
+     id="layer1"
+     style="display:inline">
+    <g
+       id="g83"
+       transform="matrix(1.3333333,0,0,1.3333333,-85.333319,-8.1031545e-6)"
+       style="display:inline">
+      <path
+         style="fill:#4ae086;fill-opacity:1"
+         id="path49"
+         d="M 238.4745,221.60155 47.127052,272.87295 98.398447,81.525498 Z"
+         transform="matrix(-1.8723891,-0.5793192,0.50170515,-2.1620487,271.33842,745.26623)"
+         clip-path="url(#clipPath83)" />
+      <path
+         style="display:inline;fill:#00a056;fill-opacity:1"
+         id="path50"
+         d="M 238.4745,221.60155 47.127052,272.87295 98.398447,81.525498 Z"
+         transform="matrix(-1.8723891,-0.5793192,0.50170515,-2.1620487,527.33841,745.26623)"
+         clip-path="url(#clipPath82)" />
+      <path
+         id="path71"
+         style="display:inline;fill:#17c171;fill-opacity:1"
+         transform="matrix(1,0,0,1.5243769,83.968743,-67.120251)"
+         d="m 236.03126,128.00002 -64.00001,83.96874 -64,-83.96874 64,-83.968747 z"
+         clip-path="url(#clipPath81)" />
+    </g>
+  </g>
+</svg>

website/index.html

@@ -0,0 +1,22 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+  <meta charset="UTF-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1.0">
+  <script src="https://cdn.tailwindcss.com"></script>
+  <link
+    rel="icon"
+    href="./archtika-logo-512x512.svg"
+  />
+  <title>archtika CMS</title>
+  <meta name="description" content="FLOSS, modern, performant, lightweight and self-hosted CMS in the form of a web application" />
+</head>
+<body class="min-h-screen bg-neutral-50 bg-[url('./archtika-logo-512x512.svg')] bg-bottom bg-no-repeat bg-blend-luminosity">
+  <div class="mx-auto max-w-fit bg-neutral-50 p-8">
+    <h1 class="text-2xl font-bold text-neutral-900 sm:text-3xl md:text-4xl lg:text-5xl xl:text-6xl 2xl:text-7xl">archtika</h1>
+    <p class="mt-2 text-xl text-neutral-700 sm:text-2xl">FLOSS, modern, performant, lightweight and self&#8209;hosted CMS</p>
+    <div class="mt-8 flex flex-wrap gap-6 sm:justify-end">
+      <a href="https://github.com/archtika/archtika" class="text-neutral-900 rounded-full bg-neutral-200 px-4 py-2 outline outline-1 outline-offset-4 outline-neutral-300 hover:bg-neutral-300 hover:underline focus:outline-2 focus:outline-neutral-900">GitHub</a>    </div>
+  </div>
+</body>
+</html>